Comment 227 for bug 2059809
Revision history for this message
| Dan Smith (danms) wrote Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498) | #227 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Glance is not (that I can see) susceptible to the QED attack once the earlier fixes are applied, so I avoided updating all the glance backports as well. Since glance is the source of truth for format-inspector, I just added the new functionality there for people using it elsewhere (me in nova, brian in cinder).
However, for consistency and to avoid confusion, I'll update the backports as well here shortly.